Commit Graph

7 Commits

Author SHA1 Message Date
Lucas 'Paperboy' Rose-Winters f09c42ec6e fix(ai-context): sync manual edits to committed tracker data
Fixes critical issue where manual edits (add location, add item, change
stats, etc.) were invisible to AI in next generation, causing edits to be
immediately overwritten.

Root Cause:
- Manual edits updated extensionSettings and lastGeneratedData
- AI prompt builder used committedTrackerData (NOT extensionSettings)
- Manual edits were never synced to committedTrackerData
- Result: AI didn't see manual changes, overwrote them

Solution - Sync to Both Data Stores:

All manual edit points now update BOTH:
1. lastGeneratedData (for display)
2. committedTrackerData (for AI context)

Files Modified:

1. **src/systems/interaction/inventoryActions.js**
   - updateLastGeneratedDataInventory() now sets committedTrackerData.userStats
   - Affects: add/remove items, add/remove locations

2. **src/systems/rendering/userStats.js**
   - All 3 edit handlers now set committedTrackerData.userStats
   - Affects: stat values (health, etc.), mood emoji, conditions
   - Also fixed: now uses buildInventorySummary() for proper v2 format

3. **src/systems/rendering/infoBox.js**
   - updateInfoBoxField() now sets committedTrackerData.infoBox
   - Affects: date, weather, temperature, time, location

4. **src/systems/rendering/thoughts.js**
   - updateCharacterField() now sets committedTrackerData.characterThoughts
   - Affects: character emoji, name, traits, thoughts, relationship

Impact - Manual Edits Now Persist:

Before:
- Add location "Home" → Next generation → Location gone 
- Add item "Sword" → Next generation → Item gone 
- Change health to 25% → AI ignores it 

After:
- Add location "Home" → Next generation → Location persists ✓
- Add item "Sword" → Next generation → Item included ✓
- Change health to 25% → AI acknowledges low health ✓

Works in Both Modes:
- Together mode: AI sees manual edits in injected prompt ✓
- Separate mode: AI sees manual edits in context ✓

User Experience:
- "I edited it, so it should stay" - now works as expected
- AI builds on manual changes instead of overwriting them
- Minimal overhead (just string copies)

Fixes: Manual inventory/stats edits being overwritten by AI generation
2025-10-20 08:05:08 +11:00
Lucas 'Paperboy' Rose-Winters e21e71b03a fix(inventory): ensure stored locations always initialized properly
Fixes Bug #3: Locations disappearing when switching tabs or on reload.

Root cause: inventory.stored could become corrupted (null, array, or
undefined) due to incomplete validation during load/save operations.

Solution - Defense in Depth:

1. **Persistence Layer** (src/core/persistence.js):
   - New validateInventoryStructure() function
   - Validates on loadSettings() and loadChatData()
   - Checks all v2 fields (onPerson, stored, assets, version)
   - Ensures stored is always a plain object
   - Validates stored keys/values using validateStoredInventory()
   - Auto-repairs corrupted data with console warnings
   - Persists repairs immediately

2. **Form State Management** (src/systems/interaction/inventoryActions.js):
   - Enhanced restoreFormStates() to detect deleted locations
   - Cleans up orphaned form states automatically
   - Prevents errors from forms referencing non-existent locations

Validation checks:
- ✓ inventory.stored is object (not null/array/undefined)
- ✓ All stored keys are safe (no __proto__, constructor, etc.)
- ✓ All stored values are strings
- ✓ onPerson and assets are strings
- ✓ version field exists

Auto-repair scenarios:
- Corrupted stored → reset to {}
- Invalid onPerson/assets → reset to "None"
- Missing version → set to 2
- Dangerous keys → removed with warning

Result:
- Locations persist across tab switches ✓
- Empty locations persist ✓
- Data corruption auto-repaired on load ✓
- Orphaned form states cleaned up ✓
- No crashes from invalid data ✓

Fixes: Location disappears when switching tabs or reloading
2025-10-20 07:19:46 +11:00
Lucas 'Paperboy' Rose-Winters 681c2f0e47 feat(inventory): add security hardening for prototype pollution and DoS
Created comprehensive security layer to protect against malicious input
and resource exhaustion attacks.

New security.js module:
- sanitizeLocationName(): Blocks __proto__, constructor, toString, etc.
- sanitizeItemName(): Enforces max length (500 chars)
- validateStoredInventory(): Validates entire stored object structure
- MAX_ITEMS_PER_SECTION: Limit of 500 items per section

Protected attack vectors:
1. Prototype pollution via location names
   - Blocked: "__proto__", "constructor", "prototype", etc.
   - Alert shown to user if attempted

2. DoS via extremely long names
   - Location names: max 200 chars (truncated with warning)
   - Item names: max 500 chars (truncated with warning)

3. DoS via massive item lists
   - Max 500 items per section (truncated with warning)

Integration:
- itemParser.js: Uses sanitizeItemName() and enforces max items
- inventoryActions.js: Validates all user input before saving
  - Manual location creation: blocked dangerous names
  - Manual item addition: length limits enforced

Security best practices (2025):
- No regex DoS vulnerabilities (character-by-character parsing)
- Explicit hasOwnProperty checks to avoid inherited properties
- Console warnings for all security events (auditing)
- Graceful degradation (truncate, don't crash)
- Defense in depth (validation at multiple layers)

This protects against both malicious actors and accidental abuse.
2025-10-20 07:16:54 +11:00
Lucas 'Paperboy' Rose-Winters 0991c30fc9 fix(inventory): preserve form state across re-renders
Fixes bug where expanding an existing storage location would close
the "Add Location" form that was currently open. This happened
because renderInventory() recreated all HTML from scratch, resetting
all inline forms to hidden state.

Solution:
- Track open form states in inventoryActions module
- Restore form visibility after each re-render
- Applies to all inline forms: add location, add items (on person,
  stored, assets)

This also fixes the related issue where switching tabs would close
open forms.

Fixes: Location disappears when expanding while adding new location
2025-10-20 07:06:04 +11:00
Lucas 'Paperboy' Rose-Winters 73050a085b feat(inventory): add list/grid view modes with individual item management
Implemented comprehensive individual item management system with toggleable view modes:

- Added item parsing utilities (parseItems/serializeItems) for comma-separated strings
- Implemented list view (full-width rows) and grid view (responsive cards)
- Added view mode toggle buttons per inventory section (onPerson, stored, assets)
- View preferences persist per-section in settings
- Replaced text-based editing with add/remove item controls
- Added inline forms for adding new items (matching existing UX patterns)
- Applied theme accent color (--rpg-highlight) to all outlines and active states
- Updated all tabs (desktop/mobile/inventory subtabs) with theme-consistent styling

Technical improvements:
- Created itemParser.js utility module for item string manipulation
- Enhanced inventory rendering with conditional list/grid HTML generation
- Added switchViewMode handler with settings persistence
- Fixed [object Object] display bug with comprehensive type checking
- All buttons and items now use transparent backgrounds with theme accent borders
2025-10-17 17:30:57 +11:00
Lucas 'Paperboy' Rose-Winters 97dc87062f feat(inventory): replace prompt dialogs with inline editing
Replaced all prompt() and confirm() dialogs with contenteditable fields
and inline UI components for a better user experience.

Changes:
- Made inventory fields (On Person, Stored items, Assets) contenteditable
  with blur-to-save functionality
- Replaced "Add Location" prompt with inline form (hidden by default)
- Replaced "Remove Location" confirm with inline confirmation UI
- Added CSS styling for inline editing states (hover, focus, empty)
- Added CSS for inline forms, buttons, and confirmation UI
- Fixed bug where inventory sub-tabs were unclickable due to
  incorrect container ID in toggleLocationCollapse() and
  switchInventoryTab() functions

All inline edits now save automatically on blur, matching the UX
pattern used elsewhere in the extension (mood/conditions fields).
2025-10-17 16:27:59 +11:00
Lucas 'Paperboy' Rose-Winters 60e4a6c2cc feat(inventory): add interaction handlers for v2 system
Create comprehensive inventory interaction module:

**NEW: inventoryActions.js (286 lines)**
- editOnPerson() - Edit items currently carried/worn
- editStoredLocation() - Edit items at specific storage location
- editAssets() - Edit vehicles, property, major possessions
- addStorageLocation() - Create new storage location with validation
- removeStorageLocation() - Delete location with confirmation
- toggleLocationCollapse() - Collapsible sections with persistent state
- switchInventoryTab() - Handle sub-tab switching
- initInventoryEventListeners() - Event delegation for dynamic content
- updateLastGeneratedDataInventory() - Keep AI context synced

**Interaction Patterns:**
- Uses native prompt() and confirm() for user input
- Event delegation: .on() for dynamic elements
- Full persistence: saveSettings() + saveChatData() + updateMessageSwipeData()
- Auto re-render after every mutation
- Maintains UI state (activeSubTab, collapsedLocations)

**State Management:**
- Tracks collapsed locations across sessions
- Persists in extensionSettings.collapsedInventoryLocations
- Current tab state maintained in module scope

**Data Flow:**
User Action → Handler → Update inventory → Update lastGeneratedData
→ Persist (settings + chat + swipe) → Re-render UI

Part of Epic 7.6: Inventory interactions
Next: Wire into main panel and initialize event listeners
2025-10-17 15:28:59 +11:00